RogoLabs/patchthisapp

PatchThisApp

Enterprise-grade vulnerability intelligence and prioritization platform

Powered by RogoLabs | Originally created by Jerry Gamblin


Overview

PatchThisApp transforms vulnerability management by providing actionable intelligence that cuts through the noise of thousands of CVEs published monthly. Our platform aggregates and analyzes data from industry-leading sources to deliver a curated, prioritized list of vulnerabilities that matter most to your organization.

Key Features

  • Intelligent Prioritization: ML-driven scoring and analysis to focus on the most critical threats
  • Real-time Intelligence: Continuous monitoring and updates from trusted security sources
  • Modern Web Interface: Single-page application with dashboard analytics, data explorer, and dark mode
  • CSV Data Export: Generated vulnerability dataset for integration into your workflows
  • Enterprise Ready: Professional interface suitable for executive reporting
  • Open Source: Transparent, community-driven development

Enterprise Intelligence Sources

Our platform integrates data from the most trusted vulnerability intelligence sources:

| Source | Description | Update Frequency |
|---|---|---|
| CISA KEV Catalog | Known Exploited Vulnerabilities actively targeted in the wild | Daily |
| Rapid7 Metasploit | Battle-tested exploit modules used by security professionals | Continuous |
| Project Discovery Nuclei | Community-driven vulnerability detection templates | Continuous |
| EPSS Scoring | ML-driven exploit prediction scores (>0.95 threshold) | Daily |

Quick Start

Prerequisites

  • Python 3.8+ (for data processing)
  • Web server (for hosting static files)

Installation

  1. Clone the repository

    git clone https://github.com/RogoLabs/patchthisapp.git
    cd patchthisapp

  2. Install dependencies

    pip install -r requirements.txt

  3. Generate vulnerability data

    python patchthisapp.py

  4. Serve the web interface

    # Using Python's built-in server
    cd web
    python -m http.server 8000

    # Or using any web server of your choice

  5. Access the dashboard

    Open your browser to http://localhost:8000

Documentation

Project Structure

patchthisapp/
├── patchthisapp.py            # Core data processing engine
├── requirements.txt           # Python dependencies
├── web/                       # Static web interface
│   ├── index.html             # Single-page application
│   ├── modern.css             # Modern styling
│   └── data.csv               # Generated vulnerability data
├── data/                      # Raw data sources
│   └── data.csv               # Processed vulnerability dataset
├── scripts/                   # Helper scripts for data and analysis
│   ├── local_data.py          # Download all required data for local testing
│   └── column_summary.py      # Print summary stats for key columns
└── README.md                  # This file

Data Processing Engine

The patchthisapp.py script is the heart of our intelligence platform:

Key Features:

  • Automated Data Collection: Fetches from multiple trusted sources
  • Data Normalization: Standardizes formats and removes duplicates
  • Intelligent Scoring: Applies EPSS and CVSS scoring for prioritization
  • Export Capabilities: Generates CSV output
  • Error Handling: Robust error management and logging

New Columns:

  • Vendor: The primary vendor associated with the vulnerability (from NVD CPE data)
  • Affected Products: The main affected product(s) (from NVD CPE data)
  • CVSS_Vector: The CVSS attack vector (e.g., NETWORK, ADJACENT, LOCAL)

Usage:

# Basic usage
python patchthisapp.py

# With custom output path
python patchthisapp.py --output /path/to/output.csv

# Custom EPSS threshold
python patchthisapp.py --epss-threshold 0.90

# Verbose logging
python patchthisapp.py --verbose

# Dry run (report what would be produced without writing files)
python patchthisapp.py --dry-run

Web Interface

The web interface is a single-page application built with vanilla HTML, CSS, and JavaScript. It loads data.csv and renders four main sections:

  • Hero: Overview of the platform with key statistics and call-to-action links
  • Dashboard: Vulnerability analytics with Chart.js visualizations including timeline trends, source distribution, CVSS score breakdown, attack vector analysis, EPSS distribution, and top affected products
  • Data Explorer: Full data table with search filtering, sortable columns, and pagination for browsing the complete vulnerability dataset
  • Sources: Intelligence source details and attribution

Additional features:

  • Dark mode toggle for comfortable viewing in any environment
  • Pagination with configurable page sizes for navigating large datasets
  • Real-time search to instantly filter vulnerabilities by any field
  • Chart.js visualizations for at-a-glance trend and distribution analysis
  • Responsive design that works on desktop, tablet, and mobile

CSV Data Format

The generated data.csv includes the following columns:

  • CVE: CVE identifier
  • CVSS Score: Severity score (0.0-10.0)
  • CVSS_Vector: CVSS attack vector (e.g., NETWORK, ADJACENT, LOCAL)
  • EPSS: Exploit prediction score (0.0-1.0)
  • Description: Vulnerability description
  • Published: Publication date
  • Source: Data source attribution
  • Vendor: Primary vendor (from NVD CPE)
  • Affected Products: Main affected product(s) (from NVD CPE)
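
As an added example (not code from the PatchThisApp repository), the sketch below reads rows in the column layout listed above and ranks them for patching against an asset inventory. The sample rows, the placeholder CVE IDs, the exact `Source` strings, and the `triage` and `parse_score` names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample in the data.csv column layout; IDs and values are placeholders.
SAMPLE_CSV = """CVE,CVSS Score,CVSS_Vector,EPSS,Description,Published,Source,Vendor,Affected Products
CVE-0000-0001,9.8,NETWORK,0.97,Constructed row A,2024-01-10,CISA KEV,examplecorp,gateway
CVE-0000-0002,7.5,NETWORK,0.96,Constructed row B,2024-02-01,EPSS,examplecorp,mailer
CVE-0000-0003,8.8,LOCAL,0.40,Constructed row C,2024-02-15,Metasploit,examplecorp,agent
CVE-0000-0004,,NETWORK,,Constructed row D,2024-03-03,Nuclei,othervendor,cms
CVE-0000-0005,9.1,NETWORK,0.99,Constructed row E,2024-03-09,CISA KEV,unusedvendor,router
"""


def parse_score(value, upper):
    """Parse a score cell; blank, malformed or out-of-range values become 0.0."""
    try:
        number = float(value)
    except (TypeError, ValueError):
        return 0.0
    return number if 0.0 <= number <= upper else 0.0


def triage(csv_text, inventory, vector="NETWORK"):
    """Return CVE IDs for vendors in `inventory`, most urgent first.

    Order: known-exploited (assumed Source label "CISA KEV") first, then
    higher EPSS, then higher CVSS. Rows with another attack vector are dropped.
    """
    wanted = {name.lower() for name in inventory}
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Vendor") or "").strip().lower() not in wanted:
            continue
        if (row.get("CVSS_Vector") or "").strip().upper() != vector:
            continue
        kev = "cisa kev" in (row.get("Source") or "").lower()
        epss = parse_score(row.get("EPSS"), 1.0)
        cvss = parse_score(row.get("CVSS Score"), 10.0)
        # Tuple sort: KEV rows first (False < True), then descending scores.
        hits.append((not kev, -epss, -cvss, row["CVE"]))
    return [cve for *_, cve in sorted(hits)]


if __name__ == "__main__":
    print(triage(SAMPLE_CSV, {"examplecorp", "othervendor"}))
```

Rows with blank scores are kept and sorted last rather than dropped, so a newly published CVE without EPSS data still appears in the list.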

Helper Scripts

Download all required data for local testing:

python scripts/local_data.py

This will fetch the latest NVD, CISA KEV, Metasploit, Nuclei, and EPSS data. Supports macOS and Linux.

Print summary statistics for Vendor, Affected Products, and CVSS_Vector columns:

python scripts/column_summary.py

This will print counts, unique values, and top values for the new columns in data/data.csv.

Custom Data Sources

Extend the platform by adding custom data sources in patchthisapp.py:

import pandas as pd

def load_custom_source(source_url: str) -> pd.DataFrame:
    # Your custom data loading logic
    pass
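
One way to handle the normalization step of such a loader, as an added example that is not the project's code: it validates CVE IDs, range-checks scores and merges duplicate CVEs while keeping every source attribution. It uses only the standard library and returns a list of dicts (the stub above returns a pandas DataFrame); the names `normalize_custom_rows` and `in_range`, the `"; "` separator, the keep-highest-score rule and the sample rows are assumptions.

```python
import re

CVE_ID = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")

# Constructed feed rows (placeholder IDs), as a custom source might return them.
SAMPLE_ROWS = [
    {"CVE": " cve-0000-0001 ", "EPSS": "0.97", "CVSS Score": "9.8", "Source": "Internal Feed"},
    {"CVE": "CVE-0000-0001", "EPSS": "", "CVSS Score": "9.8", "Source": "Vendor Advisory"},
    {"CVE": "not-a-cve", "EPSS": "0.5", "CVSS Score": "5.0", "Source": "Internal Feed"},
    {"CVE": "CVE-0000-0002", "EPSS": "1.7", "CVSS Score": "abc", "Source": "Internal Feed"},
]


def in_range(value, upper):
    """Return the cell as a float in [0, upper], or None if blank or invalid."""
    try:
        number = float(value)
    except (TypeError, ValueError):
        return None
    return number if 0.0 <= number <= upper else None


def normalize_custom_rows(rows):
    """Validate and de-duplicate rows; return (clean_rows, rejected_ids)."""
    merged, rejected = {}, []
    for row in rows:
        cve = str(row.get("CVE", "")).strip().upper()
        if not CVE_ID.fullmatch(cve):
            rejected.append(cve)          # never let a malformed ID into the output
            continue
        entry = merged.setdefault(
            cve, {"CVE": cve, "EPSS": None, "CVSS Score": None, "Source": []})
        for column, upper in (("EPSS", 1.0), ("CVSS Score", 10.0)):
            number = in_range(row.get(column), upper)
            if number is not None and (entry[column] is None or number > entry[column]):
                entry[column] = number    # assumption: keep the highest valid score
        source = str(row.get("Source", "")).strip()
        if source and source not in entry["Source"]:
            entry["Source"].append(source)
    for entry in merged.values():
        entry["Source"] = "; ".join(entry["Source"])
    return list(merged.values()), rejected


if __name__ == "__main__":
    print(normalize_custom_rows(SAMPLE_ROWS))
```

Returning the rejected IDs alongside the clean rows lets the caller log what a feed got wrong instead of silently dropping it.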

Deployment

Static Hosting

Deploy to any static hosting platform:

  • GitHub Pages: Automatic deployment from repository
  • Netlify: Drag-and-drop deployment
  • AWS S3: Static website hosting
  • Cloudflare Pages: Global CDN deployment

Docker Deployment

FROM nginx:alpine
COPY web/ /usr/share/nginx/html/
EXPOSE 80

Production Considerations

  • HTTPS: Always use SSL in production
  • CDN: Implement content delivery network
  • Analytics: Add usage tracking if needed
  • Automation: Schedule regular data updates

Contributing

We welcome contributions from the security community! Here's how you can help:

Ways to Contribute

  • Bug Reports: Report issues or inconsistencies
  • Feature Requests: Suggest new capabilities
  • Documentation: Improve guides and examples
  • Code Contributions: Submit pull requests
  • Data Sources: Suggest additional intelligence feeds

Development Setup

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests if applicable
  5. Submit a pull request

Code Style

  • Follow PEP 8 for Python code
  • Use meaningful commit messages
  • Include documentation for new features
  • Ensure backward compatibility

Metrics & Analytics

Current Coverage

  • ~2,000+ actively tracked CVEs
  • 4 primary intelligence sources
  • 24/7 monitoring and updates
  • 99.9% uptime target

Performance

  • <2s page load time
  • Real-time search and filtering
  • Mobile-optimized responsive design
  • Lightweight ~100KB total assets

Security & Privacy

  • No Data Collection: We don't track users or collect personal data
  • Open Source: Complete transparency in methodology
  • Secure Sources: All data from verified, trusted sources
  • Regular Updates: Continuous security monitoring

License

Copyright (c) 2026 RogoLabs. This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Jerry Gamblin - Original creator and vision
  • RogoLabs - Current maintainer and platform provider
  • Security Community - Contributors and data source providers
  • Open Source Projects - CISA, Rapid7, Project Discovery, and FIRST

Support & Contact


Made with care by the security community

Star this repository if you find it useful!
